1. Field of the Invention
The present invention relates to a wireless communication system. More particularly, the present invention relates to a method and system for encrypting data in a wireless communication system.
2. Description of the Related Art
In a 4th Generation (4G) communication system or a next-generation communication system, research is being developed to provide high-speed services having various Quality of Service (QoS) classes to users. More particularly, in the 4 G communication system, many studies have been conducted to support high-speed services guaranteeing mobility and QoS for Broadband Wireless Access (BWA) communication systems such as a wireless Local Area Network (LAN) system and a wireless Metropolitan Area Network (MAN) system. These wireless communication systems may include, for example, the Institute of Electrical and Electronics Engineers (IEEE) 802.16e and 802.16m standard communication systems. For convenience, in the following description, it is assumed that these wireless communication systems are IEEE 802.16e and 802.16m communication systems.
In a wireless communication system, a security sub-layer is used. The security sub-layer identifies a duly authorized user, Subscriber Station (SS) or a Mobile Station (MS) and allows the authorized SS to access the network. The security sub-layer also provides integrity of messages transmitted to the SS and a Base Station (BS). For the purpose of confidentiality of traffic data being transmitted and authentication of a sender, the security sub-layer includes a Privacy Key Management (PKM) protocol for transmitting a security key and its associated information from the BS to the SS. The PKM protocol facilitates mutual authentication between the SS and the BS, and enables distribution of an encryption key from the BS to the SS.
By authenticating the SS or user, the BS allows an authorized subscriber to access the network, but blocks access to the network by an attacker impersonating a legitimate subscriber. While the BS authenticates the SS, or the BS and the SS perform mutual authentication, an encryption negotiation is carried out to maintain confidentiality of the traffic data being transmitted. If a negotiation for encrypting traffic data is conducted in an authentication process, the BS is required to transmit a Traffic Encryption Key (TEK), a key used for encryption. The TEK is a key shared only between a specific SS and the BS, and is a key that should not be exposed to other SSs or systems.
In the wireless communication system, the TEK is commonly generated with a random number, and the TEK may be generated in the BS and transmitted to the SS. To transmit the TEK without exposure to the outside, the BS encrypts the TEK before transmission. A Key Encryption Key (KEK) is used to encrypt the TEK before transmission, and if authentication is completed, the KEK is generated in each of the SS and the BS.
If the TEK is transmitted to the SS, the BS encrypts traffic data using the TEK and transmits the encrypted traffic data to the SS. The SS decrypts the encrypted traffic data using the same TEK as that of the BS. Thus, the encryption performed using the TEK shared between the SS and the BS can ensure confidentiality of the traffic data being transmitted.
Meanwhile, in the wireless communication system, for continuous service provision, a re-authentication or re-authorization process should be performed and the TEK should be periodically updated. As a result, if a timer for a TEK update expires, the SS may request the BS to provide a new TEK. In response to the request, the BS encrypts a new TEK and transmits the new TEK to the SS. Therefore, the SS can update the TEK by decrypting the new TEK received from the BS.
In the wireless communication system, handover is performed to provide a seamless service to a moving SS.
An SS decides whether to handover by exchanging handover-related messages with a serving BS. Upon the decision to handover, the SS cell switches to a target BS, and then transmits a Ranging Request (RNG-REQ) message to the target BS. Upon receiving the RNG-REQ message, the target BS transmits a Ranging Response (RNG-RSP) message to the SS and terminates the handover.
The RNG-RSP message includes a TEK for encryption of traffic data to be transmitted between the SS and the target BS. Accordingly, after the termination of the handover, the SS and the BS may encrypt traffic data using the TEK and exchange the encrypted traffic data. However, the SS and the BS may not transmit encrypted traffic data until the SS receives the RNG-RSP message and decrypts the TEK.
In addition, since the RNG-RSP message includes a variety of information, such as Connection IDentification (CID) information necessary for transmission/reception of traffic data, in addition to the TEK, the transmission/reception of traffic data may not be carried out until the RNG-RSP message is received at the SS.
Therefore, a need exists for a data encryption method and system in a wireless communication system that prevents a change in a TEK.